this post was submitted on 04 Apr 2026
357 points (99.2% liked)

Technology

86047 readers
3350 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] Mwa@thelemmy.club 53 points 3 months ago (1 children)

Am still not playing any Video Game with Denuvo.
(I only play games with Steam's DRM)

[–] lemmyng@lemmy.world 15 points 3 months ago* (last edited 3 months ago) (2 children)

SkidrowReloaded

RepacksLab

Fitgirl Repacks

ElAmigos

[–] tacosanonymous@mander.xyz 20 points 3 months ago (1 children)

For sure but I’m not doing hypervisor. That shit is dumb.

[–] ImgurRefugee114@reddthat.com 4 points 3 months ago* (last edited 3 months ago)

True, but I don't think I'd mind it I had a windows pc that I used like a game console and for nothing else. Obviously it's way more invasive, but game piracy is pretty risky in the first place.

Though I already gave up games that won't work on Linux, and am quite content with that so far. But if I was still determined to play pirated windows games, it would be a dedicated vlan-isolated machine which I always presume to be compromised; in that case, a hypervisor isn't that big of an ask to gain access to previously unplayable games

[–] Mwa@thelemmy.club 2 points 3 months ago

thanks for the sites ig

[–] thedeadwalking4242@lemmy.world 38 points 3 months ago (5 children)

On the one hand software freedom.

On the other this has me thinking about how fascinating this problem is from academic standpoint.

How can you ensure software can ONLY run on the machines you allow? Even if the user has ring 0 access?

Is it mathematically impossible to achieve?

[–] SpikesOtherDog@ani.social 46 points 3 months ago (3 children)

SAAS. You never install the entire application. Large parts of the engine never run locally.

[–] frongt@lemmy.zip 11 points 3 months ago (1 children)

Or use the cloud gaming approach and just stream the video, no local engine at all!

[–] SpikesOtherDog@ani.social 7 points 3 months ago (1 children)

That would protect the IP, but the response time is terrible. Pinging Google.com I get a response time of about 80 ms. At that delay, everything would feel spongy and laggy.

[–] frongt@lemmy.zip 17 points 3 months ago

If they cared about your experience they wouldn't be using intrusive DRM at all.

[–] mlg@lemmy.world 8 points 3 months ago

I think Denuvo technically does a little bit of this.

I forgot the exact details, but one of the keys that's used to unscramble the bytecode has to be downloaded from their registry server on first launch.

But after that, it's not required.

[–] Cethin@lemmy.zip 7 points 3 months ago (2 children)

Although that still never totally protects it. I've seen a fair few number of passionate game communities bring online-only games back from the dead by reverse engineering the server architecture. It's a lot of work, but if you know how the software is supposed to function then you can write the other half of the software that gives the response to make that work.

[–] Dnb@lemmy.dbzer0.com 5 points 3 months ago (1 children)

City of heroes is a big example

[–] Mondez@lemdro.id 3 points 3 months ago (1 children)

The original code for that was leaked, most if not all replacement servers run that code, not reverse engineered code.

load more comments (1 replies)
[–] SpikesOtherDog@ani.social 4 points 3 months ago (1 children)

Yeah, I can see that. I'm thinking of streaming assets and code on demand, similar to how an optical disk works. It's a terrible waste of resources, and they can be grabbed if they are not cryptographically secured.

[–] Cethin@lemmy.zip 3 points 3 months ago

Even that, a dedicated player can capture it. If it has to be rendered on the device then they have access to the assets.

[–] LedgeDrop@lemmy.zip 15 points 3 months ago (1 children)

It's totally possible to achieve. TPM is the desktop equivalent of the technology that runs on your cellphone to have apps detect if you have an unlocked bootloader or root. It's the same technology prevents your favorite concole (ie: switch 2, ect) from running pirated games.

This improved security does come at a price: we/the users are the enemy and cannot be trusted. This means modifying your system will be prohibited and we (the consumer) will have to trust that Big Tech has our best interests in mind. /s

[–] SomethingBurger@jlai.lu 12 points 3 months ago (2 children)

What's preventing spoofing this with a fake implementation?

[–] LedgeDrop@lemmy.zip 5 points 3 months ago (2 children)

To expand on this a bit:

It's all built on top of the concept of "a chain of trust", starting at the hardware level.

(as mentioned) TPM is a chip that'll store encryption keys at a hardware level and retrieval of these keys can only happen if the hardware is unmodified.

I assume that part of this key is derived from aspects of your OS (ie: all device drivers are signed by MS).

The OS will fetch this key, if it's valid - the OS knows that the hardware is untampered, it can then verify that the OS is unmodified, which can then be used by application to determine that their not modified, etc.

Now you could spoof your own TPM chip (similar to how Switch 1's are chipped/nodded), but the deal-breaker is that when you add your key to the TPM chip, you sign it with a hardware vendor specific public key. And that vendor private key is baked into the hardware (often into the CPU, so the private key never crosses the hardware bus).

[–] meaansel@lemmy.world 2 points 3 months ago (1 children)

But at the end of day, doesn't app have to ask OS? At that stage, can't you spoof "positive" responce of unmodified system?

[–] LedgeDrop@lemmy.zip 3 points 2 months ago

That's the strength of public/private key encryption.

The application (or OS) knows what the hardware vendors public key is. Thus ,it can verify that any message (or application key) claiming to come from that hardware (TPM) is legitimate or not. Thus, the OS is just a proxy or the middle man.

Now what you could do (in theory) is to start modifying the application and replace the hardware vendor public key with your own. ...but you'd need to do this with every application and they'll probably have some sort of anti-tampering or (more likely) you won't even be allowed to install the application because your OS isn't "safe/secure".

disclaimer: I'm a bit hazy on some of these details. There are probably more elegant solutions.

load more comments (1 replies)
load more comments (1 replies)
[–] redsand@infosec.pub 4 points 3 months ago

Only with a client server model like in multiplayer or always online games. DRM is a conceptual scam. This kind of attack is unpatchable. It's essentially a blue pill attack against a single program.

[–] someacnt@sh.itjust.works 2 points 3 months ago

I don't think this is matter of mathematics, it is difficult to define what "software only running on desired machine" is. Like, do you permit functionally equal software with different code? With painstaking effort, functionality should be approximated fairly close (although idk what that means in mathematical context) On the other hand, requiring exact code is likely not what they want.

Cryptographic guarantee requires mathematical specification, which seems ill-fit in this scenario.

[–] Kissaki@feddit.org 17 points 3 months ago (1 children)

What kind of measures do current Denuvo versions take that they need these kinds of bypasses?

[–] Kolanaki@pawb.social 15 points 3 months ago (1 children)

It's at least running in the HyperVisor layer of the OS, which to my understanding is basically the same as a rootkit, tho I am not sure if it's a higher or lower level than that.

load more comments (1 replies)
[–] devolution@lemmy.world 7 points 3 months ago (1 children)

By someone besides Empress?

[–] riquisimo@lemmy.world 3 points 3 months ago

https://crackwatcher.com/

Sort by popular, there are so many denuvo titles on there now cracked.

[–] Shanmugha@lemmy.world 7 points 3 months ago* (last edited 3 months ago) (2 children)

Wait, you mean client-side anticheat is not some holy unbreakable barrier? I am shocked (sarcasm)

load more comments (2 replies)
[–] NannerBanner@literature.cafe 7 points 3 months ago (2 children)

I'm not the most familiar with hardware level stuff. With the security disabled as in the article, can a malevolent actor rewrite firmware or leave the equivalent of an undetectable rootkit on your hardware? It would be mildly amusing to see an entire generation of pirates fuck up here, but also reminds me of the arguments regarding the intel cpus having a secondary, unknown firmware in the form of the management thingamajig.

[–] frongt@lemmy.zip 13 points 3 months ago* (last edited 3 months ago)

Firmware, unlikely. Rootkit, probably. The most likely attack is plain old malware. Attacks relying on those security features being disabled are uncommon.

However! If a malicious actor says "hey here's a guide to defeat denuvo on the latest game, and here's the crack', and the guide tells you to disable certain security features, the crack can contain malware specifically crafted to exploit that scenario. It's one of the reasons that guides saying "disable uac, disable antivirus, run as admin" are a huge bright red flag.

[–] BladeFederation@piefed.social 3 points 3 months ago* (last edited 3 months ago)

Very much possible, yes. I don't think any game is worth the risk. Even if you have a PC dedicated to just gaming, buying new hardware if it gets borked is more expensive than just buying the game. Or playing the hundreds of great games kn existence without Denuvo.

[–] Fmstrat@lemmy.world 3 points 3 months ago (2 children)

Would running in Proton mean the security issues are moot?

[–] LiveLM@lemmy.zip 5 points 3 months ago

This is too low level to run in Proton.

[–] descartador@lemmy.eco.br 2 points 3 months ago

Doesn't work

load more comments
view more: next ›